While reading through the blog post that discusses how Sony’s Playstation network was breached, was I the only one that noticed that playstation network usernames AND passwords were stolen. Perhaps they left out the specifics but, why were the passwords stored using encryption thereby increasing the amount of time and effort required to decrypt the passwords?
Nevertheless, this breach is rather interesting in that the blog post states “While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.” One point of doing proper log management and risk assessments is to be able to see how far the rabbit hole goes when a breach occurs. The ability to know that only a portion of records were affected during a breach can save thousands of even hundreds of thousands of dollars.
